﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Text.RegularExpressions;
using System.Data;

namespace SGRapidForm.Common
{
    /// <summary>
    /// 检测和过滤字符串辅助类
    /// </summary>
    public static class DetectionAndFiltering
    {
        /// <summary>
        /// 判断一个输入参数是否是有效字符串
        /// </summary>
        public static bool DetectParameterType(string parameter, DbType parameterType)
        {
            if (string.IsNullOrEmpty(parameter))
            {
                return false;
            }
            switch (parameterType)
            {
                case DbType.Byte:
                case DbType.Int32:
                case DbType.Single:
                case DbType.Double:
                    Double dou;
                    return Double.TryParse(parameter, out dou);
                case DbType.Decimal:
                    Decimal dec;
                    return Decimal.TryParse(parameter, out dec);
                case DbType.DateTime:
                    DateTime dat;
                    return DateTime.TryParse(parameter, out dat);
                case DbType.Boolean:
                    Boolean boo;
                    return Boolean.TryParse(parameter, out boo);
                case DbType.Guid:
                    Guid gui;
                    return Guid.TryParse(parameter, out gui);
                case DbType.String:
                    return true;
                default: return false;
            }
        }

        /// <summary>
        /// 过滤一个查询参数（主要是过滤字符串类型参数）
        /// </summary>
        /// <param name="parameter"></param>
        /// <param name="parameterType"></param>
        /// <returns></returns>
        public static string FilterAParameter(string parameter)
        {
            return parameter.Replace("'", "''");
        }

        /// <summary>
        /// 过滤HTML代码
        /// </summary>
        public static string FilterHtmlCodes(string htmlCode)
        {
            if (htmlCode == null)
            {
                return "";
            }
            else
            {
                //删除脚本字符
                htmlCode = Regex.Replace(htmlCode, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
                //删除HTML字符
                htmlCode = Regex.Replace(htmlCode, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"-->", "", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"<!--.*", "", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, @"&#(\d+);", "", RegexOptions.IgnoreCase);
                htmlCode = Regex.Replace(htmlCode, "xp_cmdshell", "", RegexOptions.IgnoreCase);
                return htmlCode;
            }
        }
    }
}